Postman

Type your comment> @Pratik said:

Type your comment> @garbo77 said:

I got access with r… user and found the i._…k file.
I have used ssh2john to move it to hash and john to find the passphrase…I got a match with c…8 but connection get closed…for sure I do something wrong, but what?

In which directory user.txt is saved? Think and check users.

rooted…enumerate enumerate enumerate :slight_smile:

I am trying to sync redis slave to master but it does not seem to work. Any nudge?

Type your comment> @garbo77 said:

rooted…enumerate enumerate enumerate :slight_smile:

PM me? I don’t understand why I’m getting connection closed.

Type your comment> @garbo77 said:

I got access with r… user and found the i._…k file.
I have used ssh2john to move it to hash and john to find the passphrase…I got a match with c…8 but connection get closed…for sure I do something wrong, but what?

I’m exactly in the same point…

spoiler removed

If you see “connection get closed” then try the password you found elsewhere.

@LoRKa said:

Rooted. The box is quite easy although you can always learn something.
There are too many hints in the forum to solve this.
Something that I have found curious is to see how the author has left all .bash_history with his commands.

Enjoy friends!

:smiley: OOPS! That should of definatly not been left behind! I guess we all make mistakes XD

@thr33per @n4v1n @0X44696F21 Thanks for your kind words! I’m glad you all enjoyed it!

I’have some errors on remote “r***” (for first shell) but not in my local instance is a normal behavior ? .

Rooted. The user was way harder than root.
I got the root in 5 minutes after root ( research included )
If you need some hints feel free to PM me.

Special thanks to @PinkDraconian who helped me in the process :smiley:

need hint for root pls dm me

Type your comment> @ethicalkiller said:

need hint for root pls dm me

Use information from your initial recon, you’ll know where to go next.

I’ve got r**s user. I don’t know how to use the i_**a.bak file to proceed. Any help would be awesome.

Thanks @TheCyberGeek. Was indeed an easy one. Did go directly to root, with information found in shell via r*.

User: Go through r* to get the key and use the pass.
Root: CVE

can i get the user the same way i got on the box?

EDIT: I should just read the post above…

Relatively easy, but made me realize that i still dont have a routine and i fall for rabbitholes. I still think it was entertaining and actually rating is spot on.

@Quacktop Thanks for your kind words though! Could you PM me though I would be interested to know the route you took :slight_smile:

@blaudoom I’m glad you enjoyed it! Sometimes we can all get mislead in some way. What’s important is you figured out how to get past it! Thanks for your kind feedback!

Was a very fun box

hints for initial:

  • do your basic enum and google for the non standard ports and get articles
  • follow the article to find out what works. then update your exploit and run

hint for user:

  • think about where juicy data can be and search for it

hint for root:

  • go back to start and try other things
  • like @Quacktop said CVE

like always if it spoilers too much please delete

If help is needed PM me

Rooted. Wow I feel dumb, the privesc from foothold to user was glaringly easy but my brain just died. Overall fun box but I feel the root was a bit too easy.

Really fun box :slight_smile: I have a tendency to overthink “easy” boxes which got me stuck a couple of times.